Perspective: Layered Security at the Point of Sale
First Data has teamed up with RSA , the Security Division of EMC , to launch the First Data Secure Transaction Management service, a layered security solution that will eliminate the need for merchants to store payment card numbers at the point of sale. Eliminating storage could dramatically decrease the cost and complexity of complying with the Payment Card Industry Data Security Standard (PCI DSS).
The new, layered solution blends advanced public-key encryption and tokenization technologies. Encryption makes the data unreadable to anyone that doesn’t have the decryption key. A “public key” encrypts the card information at the point of sale and a private key at First Data decrypts the information. The public key rotation is automated and changes periodically to enhance security at the point of sale. The information returned to the merchant is a “token”—or proxy—so the merchant isn’t storing customer card data.
The solution is hardware-agnostic; it’s designed to work with most point-of-sale systems.